discussion paper enhancing external audit: learning · pdf filediscussion paper enhancing...
TRANSCRIPT
Discussion PaPer
enhancing external audit: Learning from the Public sector
acca
ACCA (the Association of Chartered Certified Accountants) is the global body for professional accountants. We aim to offer business-relevant, first-choice qualifications to people of application, ability and ambition around the world who seek a rewarding career in accountancy, finance and management.
We support our 131,500 members and 362,000 students throughout their careers, providing services through a network of 80 offices and centres. Our global infrastructure means that exams and support are delivered – and reputation and influence developed – at a local level, directly benefiting stakeholders wherever they are based, or plan to move to, in pursuit of new career opportunities. Our focus is on professional values, ethics, and governance, and we deliver value-added services through our global accountancy partnerships, working closely with multinational and small entities to promote global standards and support.
We use our expertise and experience to work with governments, donor agencies and professional bodies to develop the global accountancy profession and to advance the public interest.
Our reputation is grounded in over 100 years of providing world-class accounting and finance qualifications. We champion opportunity, diversity and integrity, and our long traditions are complemented by modern thinking, backed by a diverse, global membership. By promoting our global standards, and supporting our members wherever they work, we aim to meet the current and future needs of international business.
© The Association of Chartered Certified Accountants, January 2010
This paper compares and contrasts public sector audit with the private sector audit of listed companies in the UK. It follows ACCA’s publication The Future of Financial Regulation, which focused on the conditions that led to the failure of the banks, lessons learnt and recommendations for future regulation. Among its many findings, that paper concluded that:
‘Regardless of the conceptual approach adopted, what is essential is that regulatory authorities are effective in carrying out their various functions, in particular the supervision of regulated entities, and succeed in their regulatory objectives’.1
The present paper goes on to consider pricing, risks and audit liability across the public and private sectors, together with examining different practices for auditing the financial opinion, corporate governance, arrangements to prevent and detect fraud and corruption, value for money, and reporting. We draw conclusions on what, if anything, private sector audit can learn from public sector audit and set out some key future audit challenges.
1. John Davies and Ian Welch, The Future of Financial Regulation, ACCA, 2009.
3EnhAnCing ExtErnAl Audit: lEArning frOm thE PuBliC SECtOr
enhancing external audit: Learning from the Public sector
Gillian Fawcett, Head of Public Sector, ACCA
Although the aggregate size of income from audit and assurance work is significant, the actual size of the audit fee for each individual company and public body is trivial. For example, HSBC’s 2008 audit fee of USD77.2m (holding company plus subsidiaries plus other compliance) represents only 0.0009% of group turnover. An audit fee of 0.0005% is typical of a large, private and low-risk company’s turnover. Yet company shareholders and the chief finance officer continue to be preoccupied with reducing such costs. If a reduction in the level of audit fees were allowed to go too far, it could potentially compromise audit quality. It is worth remembering that while 31% of the income of the Big Four comes from audit fees, 16% arises from non-audit work for audit clients2 – largely tax and consultancy advice – yet much less external scrutiny is applied to these fees, which are usually charged at a premium rate, than is the case for audit work.
Concerns about fee levels also exist in the public sector. Most recently, the Local Government Chronicle (LGC) reported that single-tier councils (ie unitary authorities) and county councils are set to pay an average 10% less in fees for audits and inspections in 2009–10 than in the previous year.3 The rhetoric in the public sector is one of ‘strategic regulation’ and ‘reducing the burden of inspection’: concentrating audit resources where they are most needed while maximising their impact. It may be rhetoric but it has had proven results; for example, by 2006 the Audit Commission had significantly scaled back its activities and cut the cost of audit and inspection by 12% or £24m annually.4
2. Professional Oversight Board, Key Facts and Trends in the Accountancy Profession, 2009.
3. LGC, Lower Audit Fees for Single Tiers, 24 September, 2008.
4. Audit Commission, Strategic Regulation: Minimising the Burden, Maximising the Impact, 2004.
1. Private sector anD PubLic sector auDiting comPareD
1.1 the size and value of the external audit market
External audit is big business. Taking the combined income of the Big Four audit firms (PwC, KPMG, Ernst & Young and Deloitte) from financial audit and assurance work – £1.726 billion1 – and adding in the total income of £350 million for the key audit bodies for public services (the NAO, Audit Scotland, the Wales Audit Office, the Northern Ireland Audit Office, the Accounts Commission for Scotland, Monitor, and the Audit Commission) produces a significant combined total of £2.076 billion for the external audit of listed companies and public sector bodies in the UK.
The cost of audit is just one element of the total cost of regulation of public sector bodies within the UK – the global figure would be much bigger if one took into account the work of other regulatory bodies such as the Parliamentary and Health Service Ombudsman, Electoral Commission and Care Quality Commission, etc. These are excluded for the purposes of this paper to maintain the emphasis on financial audit and value for money.
1. Professional Oversight Board, Key Facts and Trends in the Accountancy Profession, June, 2009.
4
1.2 the external audit landscape
The Big Four firms dominate the audit of the UK listed companies; only 3% of FTSE 350 companies are audited by a firm outside the Big Four.5 Concerns about market concentration are constant. The UK government and the accounting regulator, the Financial Reporting Council (FRC), are both conscious of the risks associated with the heavy concentration of audit work among the large firms. Most recently, a CAMag article highlighted that:
the Financial Reporting Council has long been concerned about the risks posed by the Big Four’s dominance, but it has been less concerned about the price of audits than their availability should one collapse, which would suddenly leave companies bereft of services.6
In the public sector, the NAO, the Wales Audit Office, Audit Scotland and Northern Ireland Audit Office have responsibility for auditing central government, non-departmental government bodies and agencies. The Audit Commission (often confused with the NAO) is directly responsible for auditing local authorities, health, housing, police, and fire and rescue authorities in England. These are the key public sector audit institutions, although some private sector companies conduct some public sector audits. For example, the Audit Commission contract out 30% of public sector audits to the private sector and the non-executive boards of individual foundation hospital trusts are allowed to appoint an auditor of their choice.
In the public sector, the debate about audit regulation usually revolves around whether the current structure is fit for purpose and whether the NAO and the Audit Commission should merge. This has been discussed by the House of Commons Public Accounts Commission on numerous occasions. John Tiner’s review (January 2008) of the NAO’s corporate governance highlighted arguments for and against, including the following.
ForCost savings would be secured through the benefits of •scale and synergies.
There would be a single identity for the organisation •responsible for the audit of public money in the UK.
Improved consistency and quality would be achieved •through better sharing of knowledge and intellectual capital.
againstThere is no empirical evidence to suggest that the •current divide in responsibilities is operating against the public interest.
5. ‘Big Four Control Directly Link to Higher Audit Fees’, Accountancy Age, 29 April 2009.
6. ‘Andersen’s Collapse Results in Fee Bonus for the Big Four Rivals’, CaMag Online, 29 April 2008.
The constitutional background and the lines of •accountability for the audit of central government and local government are, properly, quite different and could become unclear if one body were responsible for both.
There would be a substantial challenge for the leaders •of a merged organisation in bringing together the different cultures and professional backgrounds of the people in the two organisations, which might divert attention from its formal responsibilities.7
The report concluded that it would be better to put the structure of the NAO on a firmer footing, continue to strengthen relationships between the two organisations and then evaluate in (say) six years the cost effectiveness of maintaining the divided structure compared with moving to a single body. It is more than likely that this debate will not die. Internationally, there are state audit functions that audit both central and local government.
1.3 the legal framework, codes of practice and auditing standards
All external auditor responsibilities, appointment formalities and duties are founded in legislation, although elaborated on by technical standards. In the case of limited companies, the relevant rules are contained in the Companies Act 2006. The NAO and the Audit Commission’s responsibilities are enshrined in the National Audit Act 1983 and the Audit Commission Act 1998 respectively. Auditors have specific powers and duties under the acts that cover matters of legality and, in the case of local government, electors’ rights.
There are many similarities. Auditors in both sectors adhere to the same high ethical principles, use the same basic methods and apply the same independent auditing standards. All have robust quality assurance processes in place and subject themselves to quality-control peer reviews. Auditors in both sectors are not responsible for the preparation of the financial statements of the entities they audit, but provide a level of assurance about whether they meet the standards expected of them, as laid down by the law and technical rules or standards.
Nonetheless, there are some key differences. Company auditors are appointed by the shareholders, whereas in the public sector Parliament has legislated to make the Comptroller and Auditor General (C&AG) the auditor of all government entities, recently extending his powers to audit the nationalised banks, such as Northern Rock. The Audit Commission, rather than the public bodies themselves, is responsible for appointing auditors and determining their terms of appointment.
7. Public Accounts Commission Report, Fourteenth Report of Session 2007–8, Review of the National Audit Office’s Corporate Governance, HC328:18, 2008.
5EnhAnCing ExtErnAl Audit: lEArning frOm thE PuBliC SECtOr
Some would argue that the public sector does not have the same issues of auditor independence as the private sector, where, arguably, company management exerts more influence than the shareholders on the process of selecting and appointing auditors, a situation which could compromise auditor independence.8 Equally, the provision of non-audit services (consultancy and tax advice) can potentially compromise the auditor’s obligation to carry out the audit fearlessly and independently. During the House of Commons Treasury Select Committee’s recent inquiry into the banking crisis, MPs raised concerns over auditor independence, citing examples of firms that had offered non-audit work to clients.9 Given that the public sector is exposed to wider audit coverage than the private sector, there is no need to provide consultancy or advisory services to public bodies. Where consultancy services have been provided this has been in an incidental way only, such as in the dissemination of good practice advice. Nonetheless, public bodies can and do use private accountancy firms to undertake consultancy work such as specialist tax advice.
Most recently, questions have been raised where the external auditor of UK listed companies has carried out internal audit work for the same clients. The chief executive of the Institute of Internal Auditors (IIA) has been quoted as saying that ‘this practice creates a perceived impairment of independence and erodes public trust’.10 The practice may also be in conflict with the changes that were made after the Enron scandal, which resulted in a greater separation of internal and external audit work to avoid the danger that auditors would audit their own internal work and to make sure they would not be in a position to advocate for management or to be in an unacceptable position of conflict of interest.
Given that the selection of a company auditor may be based too heavily on the fee quoted, this could also compromise the quality of the audit. This is not an issue in the public sector as fees are set by the Audit Commission and the NAO.
The scope of audit and assurance work differs widely between the two sectors. The most distinguishing factor is that a central feature of audit within the public sector is a regulatory objective, whereby the auditor is required to provide assurance that the transactions recorded in the financial statements are in accordance with the relevant authority, legislation and regulations.
8. New South Wales, Auditor General’s Report to Parliament, Volume One, 2003.
9. ‘Auditors Not to Blame for Banking Crisis, Academic Tells MPs’, Accountancy Age, 29 January, 2009.
10. ‘Questions raised over internal and external audit divide’, International Accounting Bulletin, 31 August 2009.
Private sector audit has a much narrower scope, essentially being limited to a true and fair opinion on the company’s financial statements, whereas, in the public sector it must cover not only the audit of financial statements, but also aspects of corporate governance and arrangements to secure value for money (i.e. the economic, efficient and effective use of resources).11 The reports on value for money are published separately. This wider remit has arisen because ‘most public bodies provide services rather than make profits and as a result their financial statements only give limited information about their performance’.12 External audit in the public sector is an essential part of the process of accountability for public money and the governance of public services.
1.4 the pricing structure
The procedure for setting the audit fee is different in the two sectors. The pricing structure is criticised for potentially compromising the quality of an audit in the private sector and used as a political football in the public sector. In the private sector, authority to agree the auditor’s fees is invariably delegated by the shareholders to the directors. In the public sector, fees are determined by the audit bodies that regulate the sector. The Audit Commission sets the fee for local government and the NAO sets a notional charge for government departments based on the concept of saving a sum of money for every pound spent by the NAO, and an actual fee is charged for Non-Departmental Public Bodies (NDPBs). That said, they cannot charge whatever they want, there is full consultation and much lobbying, particularly by the local authorities before the fees are set.
A study commissioned by BDO Stoy Hayward13 and conducted by the London School of Economics (LSE) examined whether there was a direct causal relationship between the high concentration of work among the ‘Big Four’ auditors and the level of audit fees paid by the large corporate bodies. It excluded factors such as changes in regulation and inflation. The resulting report concludes that there is evidence to suggest a link between audit market concentration and higher audit fees. For example, following the reduction from five large firms to four in 2002, audit fees increased by 2.4% and have continued to grow since then. The research concluded that, should one of the big firms leave the market, audit fees would be certain to escalate.
11. Audit Commission, Code of Audit Practice, 2008.
12. Rowan Jones and Maurice Pendlebury, Public Sector Accounting, 2000.
13. Thomas Kittsteiner and Mariano Selvaggi, Concentration, Auditor Switching & Fees in the UK Audit Market, LSE, 2008.
6
In addition, critical commentators have asked what benefits derive from the audit fee. When comparing the audit fees for companies and for local authorities of roughly similar size, it appears that a greater benefit is delivered in the public sector. For example, a £700k audit fee for a large city council in England buys the audit of the statutory accounts, service inspections and assessments of the council programmes. If this is compared with a private sector company of similar size with an audit fee of £800K that fee buys only the audit of the company’s financial statements. There is more ‘bang for the buck’ from a public sector audit and this is not a question of differences in quality, as both sectors have rigorous audit quality regimes.
1.5 risk and audit liability
The banking crisis has fuelled the debate about the role of auditors and the scope of the audit of limited companies. Auditors have escaped the severe criticism reserved for regulators, credit reference agencies, non-executive directors and other key City figures. The Treasury Select Committee’s recent report into the 2008 banking crisis concluded that ‘There is very little evidence that auditors failed to fulfil their duties as currently stipulated’.14
Historically, the audit profession in the private sector has resisted the idea of extending the scope of the audit. The main argument is that it would increase the exposure of the auditor to what is already a substantial liability. Perhaps another underlying reason for resistance to change is that extension of scope might have an effect on the income that the large audit firms currently derive from non-audit work. It is interesting to note that, when competing for public sector audits, these same firms are willing to deliver the wider-scope audit in accordance with the relevant codes of practice, such as the Audit Commission Code, irrespective of potential increased auditor liability. On the other hand, it should also be borne in mind that the public sector is considered less litigious than the private sector and therefore less of a commercial risk. For example, the Comptroller and Auditor General of the NAO is protected under Parliamentary Privilege and cannot be sued. This may account for the adaptability of private audit firms in providing a wider audit service.
Private sector auditors, the UK government and regulators alike should have a keen interest in the issue of limiting auditors’ liability to sensible and proportionate levels. Litigation is not uncommon and the costs of getting it wrong are potentially ruinous where a large, publicly traded company receives an unqualified audit report and shortly thereafter collapses with news that the financial statements are grossly misstated. If one or more major accounting firms leave the market because they cannot meet a potential liability this could be a major threat to the market and to confidence in corporate reporting in the UK.
14. House of Commons, Treasury Committee’s ninth report of session 2008–9, Banking Crisis: Reforming Corporate Governance and Pay in the City, HC519, 2009.
In response to these concerns, the European Commission has issued a formal recommendation to EU member states to introduce rules to allow auditors to limit their liability for negligent work. This followed an independent study into the economic impact of current auditors’ liability regimes and insurance conditions in member states.15 It recommended a regime of proportionate liability, according to which statutory auditors and audit firms would be liable only to the extent of their responsibility for the damage caused by their actions. In the UK, the Companies Act 2006 has introduced an entitlement for companies and their auditors to enter into liability limitation agreements, subject to shareholder approval. The Financial Reporting Council (FRC) has issued guidance for companies and auditors about the mechanics of entering into these agreements. Even so, to date their use does not appear to be widespread. This may be because it is the duty of directors under company law to act in the best interests of the company and therefore if they enter into a limited liability agreement they could be accused of not meeting this duty. It would seem sensible at some stage to have a comprehensive evaluation of the rate of adoption of these agreements and to investigate the reasons for the apparent lack of enthusiasm for limitation of liability agreements.
But what of the public sector audit liability? When did we last read of the Appointed Auditor or C&AG being sued because of negligence? The answer would be rarely in the case of the Appointed Auditor and, as stated above, never for the C&AG because of Parliamentary privilege. This could be because the risks in the public sector are much lower as it is less likely that managers or politicians of the public bodies would want to use public funds to pursue lengthy legal battles at the expense of supporting front-line services and the taxpayer. Also, the fact that ‘the final sanction of bankruptcy does not exist’16 means that there is not the same imperative for a public body to sue the auditor if the latter fails to spot, for example, a health trust’s misstated financial deficit.
That said, there have nonetheless been legal worries for auditors. Many will remember the Westminster ‘homes for votes’ scandal of the late 1980s, after which Dame Shirley Porter challenged the district auditor’s powers to surcharge councillors to the tune of £32m, which represented the loss to the taxpayer resulting from the sale of homes. Her challenge to the district auditor’s 1996 conclusion that she must repay this money was successfully upheld in the Court of Appeal in 1999, but in 2001 five law lords unanimously allowed an appeal by the district auditor and ordered Porter to make good her losses.
15. Recommendation in a council directive concerning the limitation of civil liability of statutory auditors and audit firms, EC (2008) 2274.
16. D. Henley, Clive Holtham, A. Likierman and J. Perrin, Public Sector Accounting and Financial Control, Van Nostrand Reinhold International, 1989.
7EnhAnCing ExtErnAl Audit: lEArning frOm thE PuBliC SECtOr
In 2004 she gave back to the council £12m as settlement of the surcharge. At the time the cost to the taxpayer for legal action was £5m. Other cases have centred on whether or not the appointed auditor has a duty of care to the public body. For example, health trusts in Wiltshire challenged the advice given by a district auditor. If they had been successful it would have meant that auditors would be less likely to give such advice.
Most recently, two local authorities have threatened the Audit Commission with legal proceedings over its use of the word ‘negligent’ to describe their failure to ensure the security of public funds in Icelandic banks. Interestingly, mindful of the costs of litigation, the Audit Commission has sought to avoid the expense of court action through mediation, which prevented expensive costs being borne by the tax-payer, irrespective of the outcome.
In the public sector, there are more complex relationships between the Audit Commission, its auditors and public bodies. Appointed auditors are required to discharge their statutory and other responsibilities, and to exercise their professional judgement independently of the Audit Commission and its officers, and of the audited body. These decisions can only be challenged in court. Nonetheless, the Audit Commission indemnifies its auditors against any charges, losses and expenses should legal proceedings be taken against them.
1.6 the financial audit and assurance work
The technical procedures involved in the audit of financial statements in the private sector and the public sector are very similar. Both adhere to similar auditing standards and undertake similar processes to gain assurance about the adequacy of the underlying controls and systems that support the transactions. In relation to accounting standards, listed companies and, since 1 April 2009, public sector bodies apply International Financial Reporting Standards (IFRS). The key difference is the wider scope of the public sector audit, which is determined by the legal framework in which it operates. The Audit Commission’s Code of Audit Practice (2008) sets out the distinctive feature of audit:
The scope of the auditors’ work is extended to cover not only the audit of financial statements, but also aspects of corporate governance and arrangements to secure the economic, efficient and effective use of resources.
1.7 value for money
In ACCA’s view, the wider scope of public sector audits allows them to be more progressive and innovative than audits conducted in the private sector. Over the years, the challenge for the NAO, its devolved bodies and the Audit Commission has been to evolve robust methodologies for auditing value for money and they have responded well. For example, the ‘use of resources’ element of Comprehensive Area Assessment (CAA) – previously the Comprehensive Performance Assessment (CPA) – developed by the Audit Commission for local government focuses on whether an entity has:
sound and strategic financial management•
robust strategic commissioning arrangements•
good management of natural resources, assets and •people.
This approach to ‘use of resources’ is on a risk basis and draws on cumulative audit knowledge and evidence, which means that the audit is proportionate. An organisation that is efficient can expect to have less audit work undertaken on ‘use of resources’ than poorly performing organisations. It means that at any one time the auditor has a good, all-round understanding of the organisation and can identify early the managerial, governance and financial risks. ‘Use of resources’ is possibly the most progressive audit framework in the world.
Similarly, the NAO reports on value for money on a wide range of issues and all aspects of government. The identification of £656 million of public expenditure savings in 2008, and 60 value-for-money reports, covering topics from private finance initiatives to the environmental impact of the government’s procurement programme, is an impressive record.
Nonetheless, it is important not to conclude from this that auditing in the private sector is solely concerned with the audit of financial statements. Private sector auditors do consider issues of economy and efficiency as a matter of course because, for example, inefficient systems such as poor inventories will affect the value of stock in the balance sheet. They are also required to review and report on aspects of corporate governance. It has been reported that ‘the legally sensitive nature of audit in the private sector has tended to deflate shareholders’ expectations’ of audit. In practice, the audit is more wide ranging than official definitions suggest’.17 While this may be so, auditors in the private sector have been increasingly reluctant to expand the scope of the audit in the face of an upsurge in legal actions. It should also be noted that the UK courts have taken a consistently cautious line on questions of auditor liability.
17. Rowan Jones and Maurice Pendlebury, Public Sector Accounting, FT Prentice Hall, 2000.
8
There is little doubt that the scope of audit is much wider in the public sector, where there is a stronger emphasis on governance arrangements and value for money; in particular, auditors assess performance outcomes. The move to auditing outcomes in the public sector has been very much welcomed by the public bodies themselves; the audit has now evolved from auditor assessments on outcomes of single organisations to those for whole localities. In central government this has manifested itself in capability reviews of departments. Much of this work, carried out by private sector auditors, is non-audit work: in other words, consultancy.
1.8 governance
In the public sector auditors are expected to form a view as to whether the annual governance statements of an organisation are robust. Organisations such as local authorities are required to produce comprehensive governance statements that cover a range of organisational arrangements. These are statements unique to the sector (required by Regulation 4 of the Accounts and Audit Regulations 2003 (amended 2006), which require councils to review the ‘effectiveness of their system of internal control’). They cover:
performance management•
business strategy and planning process•
budget and budgetary control•
code of corporate governance•
project management•
risk management / counter-fraud policy•
ethical governance•
policies, procedures, codes of conduct•
partnership protocol.•
In the private sector there is no equivalent responsibility and it would be unlikely that there would be an appetite for auditing annual governance statements because of the potential increased liability that may ensue.
The Audit Commission’s auditors review these statements and the arrangements that sit behind them before arriving at the ‘use of resources’ score for the organisation. There are key benefits to the auditor and organisation as both will receive additional assurance about how the organisation is governed and will be better placed to spot the early warning signs and/or emerging issues. Arguably, if private sector auditors were to review governance arrangements in a similar fashion, it might go some way to addressing the Treasury Select Committee’s concerns that the current auditing process is ‘tunnel visioned’. It would allow auditors to establish a ‘big picture’ view of the way the organisation is governed and put them in a better position to identify problems early.
1.9 the prevention and detection of fraud
According to KPMG’s Fraud Barometer, over 160 cases of serious fraud involving sums over £100,000 came to UK courts in the first half of 2009, worth a total value of £636 million. This is the highest number of cases in a six-month period in the 21-year history of the Barometer. Twenty-five central government bodies reported 761 cases of internal fraud or theft with a total value of almost £4.3 million for the year 2007/08.18
Whereas it is the responsibility of management in organisations to put in place arrangements to detect and prevent fraud, it is generally accepted practice for auditors to develop an audit objective and design procedures that will give them a reasonable expectation of detecting and evaluating material misstatement and irregularities arising from fraud and corruption.
Arguably, in the public sector the responsibilities of the auditor to detect and prevent fraud and corruption are much greater. Recent audit developments have arisen because of high-profile corporate failures that were generally underpinned by poor standards of behaviour and/or corruption in the public sector. The need to increase public trust and hold managers and politicians to account more effectively are recurring topics in debates about publicly funded bodies. As a result, ethical governance audits have been developed by organisations such as the Audit Commission as a means of identifying problems early enough and to allow benchmarking for ethical governance across organisations.
Prior to this, audit in the public sector traditionally focused on compliance and risk; this often led to a ‘tick box’ approach. The Audit Commission recognised the danger of being too focused on the application of controls and structures rather than the cultural characteristics of an organisation. As a result it developed audit tools such as ‘changing organisational cultures’ to test the ethical standards actually applied within organisations. Like KPMG’s Fraud Barometer in the private sector, other initiatives in the public sector have included surveying fraud and corruption in local government and the introduction of a National Fraud Initiative (NFI), which helps authorities to identify fraud through data matching.
This is not to say that the prevention and detection of fraud in the public sector is more rigorous than that in the private sector. Apart from their obligations under auditing standards, private sector auditors are obliged to report suspected frauds, and any other matters that involve the financial proceeds of crime, to the Serious Organised Crime Agency. Nonetheless, the emphasis put on fraud in the context of public sector audit is arguably stronger because of the public accountability imperative. Interestingly, although it is in both sectors’ interests to prevent and detect fraud because of the significant damage it can cause organisations and individuals, the
18. http://www.fraudadvisorypanel.org/newsite/Fraud/Keyfacts.htm
9EnhAnCing ExtErnAl Audit: lEArning frOm thE PuBliC SECtOr
reporting of fraud differs widely. Private sector companies are less likely to want to report or admit to fraud because of its adverse impact on shareholder value – potential investors are less likely to invest. This makes it all the more necessary for private sector auditors to be alert to the possibility of fraud.
1.10 reporting
The outputs from both sets of external auditors are similar in many respects. Both provide an audit plan, give an opinion on the accounts and provide audit management letters (the latter outline key findings from their audits that need management attention). Regular contact is also maintained throughout the audit. Nonetheless, there are some aspects unique to the public sector and these are enshrined in statute. These include: considering reporting in the public interest where there is a matter that may need to be brought to the attention of the public (these reports are rare; 21 public interest reports were issued between 1997 and 2005).19
There is a greater diversity of reporting in the public sector, possibly driven by its multiple stakeholders and the need to report on performance and not profit. The audiences for the reports differ. In the case of limited companies, the primary audience, for the financial statements and the audit report, is the body of shareholders. (Note also the legal position, which is that the main purpose of a company’s accounts is to allow shareholders to judge the directors’ stewardship of their company). In the public sector, there are multiple stakeholders for an organisation’s accounts, including Parliament, other public bodies and citizens. As a result innovative methods of reporting have been explored, including score cards. More recently, with the advent of the CAA, a red and green flag system has been introduced that highlights risks to which an organisation will need to attend.
Audit reporting in the public sector continues to be controversial as it attempts to satisfy such a diverse audience. The public’s information needs are very different from those of politicians and managers, yet audit reporting attempts to satisfy them all.
19. Mark Wardman and Gillian Fawcett, Ethical Governance in Local Government in England: A Regulator’s View, Ethics and Integrity of Governance, Edward Elgar publishing, 2008.
2. chaLLenges For externaL auDit across both sectors
The challenges for the auditors in both sectors are similar. Following the banking crisis and a catalogue of company failures, the ‘Big Four’ and other auditing firms need to re-build the confidence of investors and other stakeholders and manage shareholders’ expectations about audit. The NAO, devolved bodies and the Audit Commission have roles to play in building public trust and confidence about the proper stewardship of public funds, particularly in light of service failures, recent government department qualified accounts, Icelandic bank investments and MPs’ expenses.
There can be little doubt that the public sector has a high profile. If one picks up a newspaper, the headlines are often about hospital trust deficits or high council taxes or pensions in the public sector. Improving the stewardship and accountability of public money will be a continuing challenge for auditors. Reducing the burden of inspection will be just as important, given the current economic climate, as ensuring that regulators work in a coordinated way. There is a lot of evidence to show that the NAO, devolved audit bodies and the Audit Commission are already doing this.
The price and availability of audit will continue to be issues for the private sector. If the ‘Big Four’ were reduced to three there could be a similar hike in audit fees to that identified in the research commissioned by BDO Stoy Hayward after the collapse of Arthur Andersen. The need to respond to shareholder pressures without compromising the quality of the audit is of concern, and shareholder expectations need to be managed. Questions over auditor independence in the private sector, particularly where an organisation being audited is also paying for significant consultancy work, will not go away unless this whole issue is reconsidered.
A key and perhaps overriding challenge for both audit sectors is to develop a methodology for audit that is focused on ‘prevention not cure’. Despite the diversity of audit approaches discussed in this paper, corporate and service failures still occur and the question is repeatedly asked: ‘where were the auditors?’
10
3. concLusion: What has Private sector auDit to Learn, iF anything?
There are significant cultural and structural barriers that prevent the private sector from adopting the model of audit currently undertaken in the public sector. Despite this, we have identified a number of similarities in approach, particularly on the financial and assurance work, and some lessons to be learnt.
Although there may be some resistance to widening the scope of audit in the private sector because of a potential expansion of auditor liability and increased audit fees, there clearly are examples where private sector auditors have successfully done this, particularly in pursuit of public sector audit work. It can be done. If auditors are to get a ‘big picture’ view of an organisation, as identified by the Treasury Select Committee, there is an argument for extending the audit scope and re-balancing audit and assurance as against consultancy. This could also help to address the independence issues and in some cases prevent litigation because warning signs/emerging issues would be identified earlier.
The fact that the public sector audit extends beyond the financial statements to making assessments about the performance of an organisation has to some extent allowed public sector audit to be more innovative and challenging in its approach. For example, this has probably allowed the Audit Commission to develop the most sophisticated audit in the world (CAA); one focused on outcomes. There is a danger that audit developments in the private sector are stifled because of the fear of litigation, which means that auditing may become less innovative and perhaps even more ‘tunnel visioned’ than it is perceived to be now.
There are lessons to be learnt from the public sector on its approach to auditing risks and governance and these could be transferable to private sector auditing. The challenge for the private sector is to reduce the audit burden at the same time as ensuring that an audit is sufficiently robust to identify risks and emerging problems. In this respect there is much to be learnt from public sector audit, where this has been achieved, notably the significant scaling back of the Audit Commission’s fees while at the same time delivering an effective audit.
There remains much to be done about managing shareholder expectations and there is an important role for the auditor in more effective communications. In the public sector there is usually full consultation about proposals for changes in audit methodologies and auditing practice. This in itself manages the expectations of managers and politicians within the sector. It is not without controversy but ensures a healthy debate. In the aftermath of the banking crisis it is perhaps now time that the government, auditors and company shareholders have the debate about the scope of the audit, to help prevent the corporate failures of the future.
4. recommenDations
We make the following recommendations.
Better education and improvements in the •transparency of the audit process are needed. Following the financial crisis and the catalogue of public sector scandals, the ‘Big Four’, the NAO, the Audit Commission and other auditors have a responsibility to re-build the confidence of investors and other stakeholders.
The scope and narrow terms of reference of audits in •the private sector should be reviewed so as to provide an effective deterrent, promote confidence and drive up reporting standards. Audits that undertake an assessment of the ‘bigger picture’ are much better placed to detect potential failings earlier.
Private sector auditors should take the opportunity to •learn from their public sector counterparts; in particular, their approach to auditing risks and the broader aspects of governance.
There should be further investment and research to •develop an audit methodology focused on a ‘prevention not cure’ agenda.
The impact of audit price and the fear of litigation on •the quality of an audit should be evaluated. There is a danger that audit developments in the private sector have become stifled because of these factors.
tECh-tP-gf05
ACCA 29 Lincoln’s Inn Fields London WC2A 3EE United Kingdom / tel: +44 (0)20 7059 5000 / www.accaglobal.com